A remote stack-based buffer overflow has been discovered in Eggdrop.
|Package||net-irc/eggdrop on all architectures|
|Affected versions||< 1.6.18-r3|
|Unaffected versions||>= 1.6.18-r3|
Eggdrop is an IRC bot extensible with C or Tcl.
Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.
A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.
There is no known workaround at this time.
All Eggdrop users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"
September 15, 2007
September 26, 2007: 02